Date: Wed, 19 Jan 2011 00:55:02 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: harddrive encryption Message-ID: <20110119005502.2de3fd01@gumby.homeunix.com> In-Reply-To: <20110118161040.GC76347@libertas.local.camdensoftware.com> References: <4D34A6EF.30600@alokat.org> <20110117225308.GA40523@slackbox.erewhon.net> <AANLkTinruOxi_1FFDZzfhSojk1u%2B_XfGsJkDiSbMOuMW@mail.gmail.com> <20110118070719.GA51692@slackbox.erewhon.net> <20110118161040.GC76347@libertas.local.camdensoftware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Jan 2011 08:10:40 -0800 Chip Camden <chip.camden@gmail.com> wrote: > It seems prudent to me to reduce the attack surface to that which > really needs to be defended -- "When you defend everything, you > defend nothing". Not to mention avoiding the overhead of encrypting > OS files. I don't think the plain text is really much of an issue. AFAIK the kinds of attack that use large amounts of plaintext are relatively sophisticated and yield only small amounts of information. Most people only need to worry about passphrase attacks. There are two main advantages to full disk encryption. One is that the non-encrypted part can be kept on a memory stick, which is easier to keep secure. This makes it impractical for an attacker to install modified software while geli is detached - although you are still vulnerable to hardware and firmware modifications. The other main advantage is that it prevents information leakage. If you just encrypt data, you should also give some thought encrypting the swap partition with a one-time key and using tmpfs. There's also /var/tmp which may be mitigated by setting appropriate environment variables to keep user data in home directories. Private information may leak through log or cache files. Some people think it's easier and safer to encrypt the lot. > What do you folks think of the relative merits of AES vs Blowfish for > disk encryption? At the higher levels of paranoia Blowfish's 64 bit block size is a cause for concern, but unless you are going up against serious crypto-analysis I doubt it matters much. However you may need to take account of performance. My fairly old cpu uses 100% of it's single core copying large files between geli partitions. Journalling makes things even worse. If you have cores and cycles to spare you probably wont notice, but it's still there. Blowfish is faster than AES, but some CPUs may be able to offload AES to hardware accelerators.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110119005502.2de3fd01>